DDoS Attacks: What Happened And What We Should Do About It

October 24, 2016

Bob Gourley

The security community has been watching the DDoS threat grow to incredible levels. DDoS attacks are up 75% over last year. Over 30% of attacks reach sustained peaks of over 10 Gbps, a volume that will swamp almost any business user. Some very large attacks have gone as high as 600 Gbps, a size that overwhelms even the largest infrastructure providers.

On 21 October 2016 one of these very large attacks occurred against Internet infrastructure provider Dyn. This resulted in outages of many highly popular sites, disrupting access to Amazon, Twitter, Reddit, Airbnb, the New York Times, Spotify, Netflix and many others. Dyn provides many advanced services to these companies, including managing their DNS. Since DNS is critical to how computers find other computers, traffic to these major sites was impacted by the Dyn DDoS attack.

The probable attack vector was compromised IoT devices controlled by malicious code called “Mirai”. This software scans the Internet for devices that still use default passwords, and then uses common protocols like telnet to log into those devices. Once logged in, it is in control of the device. The code actually hardens the device a little bit to prevent other attacks against it. From that point on the device can be used as a node in a DDoS attack.
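The scanning behaviour described above leaves a recognisable trace on any device or gateway that logs telnet logins: one source cycling through several usernames within seconds, and, on a device still running factory credentials, a success at the end of the burst. The following detection logic is an added example written for this post, not code from the original article or from Mirai itself; the syslog-like log format and the IP addresses are constructed for illustration.

```python
"""Flag Mirai-style telnet credential scanning in constructed device auth logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (syslog-like, not a real vendor format): a scanner at
# 198.51.100.7 cycling usernames, plus one normal admin login from 192.0.2.10.
SAMPLE_LOG = """\
2016-10-21T11:02:01Z gw telnetd: login failed user=root from=198.51.100.7
2016-10-21T11:02:02Z gw telnetd: login failed user=admin from=198.51.100.7
2016-10-21T11:02:03Z gw telnetd: login failed user=support from=198.51.100.7
2016-10-21T11:02:05Z gw telnetd: login ok user=root from=198.51.100.7
2016-10-21T11:05:00Z gw telnetd: login ok user=admin from=192.0.2.10
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) \S+ telnetd: login (?P<result>failed|ok) "
                     r"user=(?P<user>\S+) from=(?P<src>\S+)$")

def parse(log_text):
    """Yield (timestamp, result, user, source) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["result"], m["user"], m["src"]

def find_scanners(log_text, min_attempts=4, min_users=2,
                  window=timedelta(minutes=1)):
    """Return {source: detail} for sources that look like credential scanners.

    A source is flagged when it attempts at least `min_attempts` telnet logins
    with at least `min_users` distinct usernames inside `window`. `compromised`
    is True if any attempt in that burst succeeded: on a device still using
    factory credentials, that success is the Mirai takeover itself.
    """
    by_src = defaultdict(list)
    for ts, result, user, src in parse(log_text):
        by_src[src].append((ts, result, user))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            burst = [e for e in events[i:] if e[0] - start <= window]
            users = {u for _, _, u in burst}
            if len(burst) >= min_attempts and len(users) >= min_users:
                flagged[src] = {"attempts": len(burst), "users": sorted(users),
                                "compromised": any(r == "ok" for _, r, _ in burst)}
                break
    return flagged
```

A flagged source with `compromised` set is a device to pull off the network and reset with a unique password; a flagged source without it is evidence that telnet is still reachable from the Internet and should be closed at the router.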

What can be done to prevent this attack or mitigate the impact of similar attacks when they occur? We provide our thoughts here, segmented into recommendations for Home Users, Business Users, and Local, State and Federal Governments.